<?php
 include "counter.php";
 $self_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

   $name = $counter->get_input('name', '', 'get');
   $city = $counter->get_input('city', '', 'get');
   $country = $counter->get_input('country', '', 'get');
   $ustate = $counter->get_input('ustate', '', 'get');
   $email = $counter->get_input('email', '', 'get');
   $anything = $counter->get_input('anything', '', 'get');
   $limit = $counter->get_input('limit', 'number', 'get');
   $slowsearch = $counter->get_input('slowsearch', '', 'get');
 if (!$limit) {
     $limit = 20;
 } 
?>
<?php pagehead("Search for an user") ?>
<BODY bgcolor="white">
<?php pagetop("Search for an user") ?>
Note: Use the SQL "anything" symbol % for substring match, not the Unix *.
<br>
You can't search for frozen entries using this. Use the
<a href="freetextsearch.php">free text search</a> function instead.

<form action="<?php echo $self_url ?>">
<table>
<tr><td>Name:<td> <input name="name" value="<?php echo $name ?>">
<td><input type="checkbox" checked name="name_substring" value="substring">
Substring match
<tr><td>City:<td> <input name="city" value="<?php echo $city ?>">
<tr><td>Country:<td> <input name="country" size=2 value="<?php echo $country ?>">
<tr><td>Email:<td> <input name="email" value="<?php echo $email ?>">
<tr><td>User State:<td>
<select name="ustate">
<option value="" selected>Anything
<option value="ok">OK
<option value="bad">Bad (to be frozen)
<option value="blocked">Blocked (no email please)
</select>
<tr><td>Anything:<td> <input name="anything" value="<?php echo $anything ?>">
<tr><td>Limit:<td><input name="limit" value="<?php echo $limit ?>">
	<input type="checkbox" name="slowsearch" value="yes"> Force
 searches that will be slow
</table>
<input type="submit" value="Search">
<input type="reset" value="Clear">
</form>

<?php
if ($name || $city || $country || $ustate || $email || $anything) {
#    if ($ustate == "frozen") {
#        $search = "select users.f_key, users.email, users.state as ustate from users, frozen
#	    where users.state = 'frozen' and users.f_key = frozen.owner
#		and frozen.ftable = 'persons'
#		and frozen.f_raw like '%$anything%'";
#     } else {
            if ($email) {
	        $search = "select users.f_key, name, users.email,
		city, country, users.state as ustate from users left
		join persons on users.f_key = persons.f_key, email where users.f_key = email.owner and  ";
	        $ands[] = "email.f_key like '$email'";
	    } else {
	        $search = "select persons.f_key, name, users.email, city, country, users.state as ustate from persons, users where users.f_key = persons.f_key and ";
	    }
	    if ($name) {
                if ($name_substring == 'substring') {
                        $ands[] = "name like '%$name%'";
                } else {
                        $ands[] = "name like '$name'";
                }
            }
	    if ($city) { $ands[] = "city like '$city'"; }
	    if ($country) { $ands[] = "country like '$country'"; }
	    if ($ustate) { $ands[] = "users.state like '$ustate'"; }
	    if ($anything) { $ands[] = "persons.f_raw like '%$anything%'"; }
	    $search .= join(" and ", $ands);
 #    }
        print "Search expression is \"$search\"<br>\n";
	# Try to figure out how complex this query is, and stop if
	# it's excessively complex
	$complex = mysql_query("explain $search");
	if (!$complex) {
		print mysql_error();
		die("Query for explanation failed");
	}
	$complexity = 0;
	while ($arr = mysql_fetch_array($complex)) {
	     print $arr["table"] . " " . $arr["rows"] . "<br>";
	     $complexity += $arr["rows"];
        }
	if ($complexity > 10000 && $slowsearch != "yes") {
	   print "This fetches more than 10000 rows. Please specify
	   more information.";
	} else {
	   flush();
	   ob_flush(); # php overkill
 	   $query = mysql_query($search);
	   if (!$query) {
		print mysql_error();
		die("Query failed");
	   }
	   $rows = mysql_num_rows($query);
	   if ($rows == 0) {
		print "<p>Nothing found\n";
	   } else {
		print "<p>$rows entries found\n";
		if ($rows > $limit) {
			print "<br>" . $limit . " first matches shown\n";
		}
		print "<table border>";
		$countix = 0;
		while ($arr = mysql_fetch_array($query)) {
			print "<tr><td>";
			print "<a href=\"/cgi-bin/adm/display-person.cgi?user=$arr[f_key]\">";
			print $arr[f_key] . "</a>";
			print "<td>" . $arr[name] . "\n";
			print "<td>" . $arr[email] . "\n";
			print "<td>" . $arr[city] . "\n";
			print "<td>" . $arr[country] . "\n";
			print "<td>" . $arr[ustate] . "\n";

			++ $countix;
			if ($countix > $limit) {
				break;
			}
		}
		print "</table>\n";
	   }
	}
}
?>


<?php pagebottom() ?>
</body>
</html>
